gpg: Avoid publishing the GnuPG version by default
c9387e41db75Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

gpg: Avoid publishing the GnuPG version by default

* g10/gpg.c (main): initialize opt.emit_version to 0
* doc/gpg.texi: document different default for --emit-version

The version of GnuPG in use is not particularly helpful. It is not
cryptographically verifiable, and it doesn't distinguish between
significant version differences like 2.0.x and 2.1.x.

Additionally, it leaks metadata that can be used to distinguish users
from one another, and can potentially be used to target specific
attacks if there are known behaviors that differ between major
versions.

It's probably better to take the more parsimonious approach to
metadata production by default.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Details

Provenance

dkg	Authored on Aug 4 2016, 10:58 PM
• werner	Committed on Aug 5 2016, 12:23 PM

Parents

rGc8cc804f56bf: gpg: Make sure that keygrips are printed for each subkey.

Branches

Unknown

Tags

Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rGc9387e41db75: gpg: Avoid publishing the GnuPG version by default (authored by Daniel Kahn Gillmor <dkg@fifthhorseman.net>).Aug 5 2016, 12:23 PM

Changes (2)

Path

Size

doc/

gpg.texi

g10/

gpg.c

rGc9387e41db75

View Options

doc/gpg.texi